From: Joshua Tinnin
To: freebsd-newbies@freebsd.org, chris@seagul.co.uk
Date: Sat, 18 Dec 2004 09:24:23 -0800
Subject: Re: Syslog remote logging problems

On Sunday 12 December 2004 09:29 am, "Chris Roos" wrote:
> Hi,
>
> I have spent quite some time today trying to get my Netgear DG834
> ADSL Router to log its syslog messages to syslogd running on FreeBSD
> 5.3R.
>
> The first step was to check that the syslog messages were arriving at
> the FreeBSD box by using tcpdump with a filter for udp packets. This
> confirmed that the packets were being 'seen' by the FreeBSD box.
>
> The next step was to set up a rule in syslog.conf to log all data
> from the router to /var/log/router.log. This is where the first
> problems appeared. Initially, I added the following to the end of
> syslog.conf
>
> +router
> *.* /var/log/router.log
>
> As this entry was below the program entries for ppp and startslip,
> and having read the man pages, I gather that syslog was now set up to
> log from router only entries matching the above programs (due to the
> cascading nature of the syslog.conf rules). I moved the router
> definition to above the program entries and verified that the log
> file was being populated. I read in the man pages that to cancel a
> program or hostname rule within the syslog.conf file use '*', however
> I have not been able to get this to work correctly. I have tried the
> following at the end of the file (before moving the router definition
> to above the ppp and startslip program entries to enable it to work
> correctly) with no success.
>
> *
> +router
> *.* /var/log/router.log
>
> and
>
> *+router
> *.* /var/log/router.log
>
> I would like to know the correct format of this so that I can be sure
> that I am logging everything I should be.
>
> In addition to the above, I am having problems starting the syslogd
> daemon using the -a flag. If I try to start syslogd with any of the
> following options, I do not get the remote logs from router (IP
> address 192.168.3.20)
>
> -a 192.168.3.20
> -a 192.168.3.20/16
> -a 192.168.3.20/255.255.255.0
> -a 192.168.3.20:'*'
> -a 192.168.3.20/16:'*'
> -a 192.168.3.20/255.255.255.0:'*'
>
> I am currently running syslogd with no parameters which allows me to
> log from the remote host correctly but I would much prefer if I could
> allow only the remote host that I want to log from.
>
> Any help on either of these points would be greatly appreciated.

I see nobody has answered you - this is not actually a tech help list.
See:

http://lists.freebsd.org/mailman/listinfo/freebsd-questions

Anyway, I log a router with my box, but I do it differently. In
/etc/rc.conf, you should have:

syslogd_flags="-a 192.168.3.20"

All logged info from the router can be sent to whatever file with this
in /etc/syslog.conf, as you tried earlier:

> +router
> *.* /var/log/router.log

This *should* work, but fwiw, I haven't been able to get it to work. But
with the default settings in syslog.conf, router messages are logged
in /var/log/messages, which is fine for my purposes right now. I'm sure
there's a better way, but at least that will work.

- jt
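
The block scoping discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how syslog.conf(5) applies `!program` and `+hostname` specifications to the rules that follow them, and of the `!*` reset placed before a host block. The sample configuration, the program name `dnsmasq` and the host name `localbox` are constructed; selectors are not evaluated because every rule in the sample is `*.*`.

```python
# Added example: simplified model of syslog.conf(5) block scoping.
# Selectors are not evaluated; every rule in the constructed sample is "*.*".

def parse(conf_text):
    """Return (program, host, selector, action) for each rule line.

    A '!prog' or '+host' line sets the scope of every rule after it,
    until the next specification; '!*' or '+*' resets it to "any".
    """
    prog, host, rules = "*", "*", []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith(("#!", "#+")):
            line = line[1:]          # '#!prog' / '#+host' are specifications too
        if not line or line.startswith("#"):
            continue                 # blank line or ordinary comment
        if line[0] == "!":
            prog = line[1:].strip()
        elif line[0] == "+":
            host = line[1:].strip()
        else:
            selector, action = line.split(None, 1)
            rules.append((prog, host, selector, action))
    return rules

def destinations(rules, program, host):
    """Actions of the rules whose program and host scope both match."""
    return [a for p, h, _sel, a in rules
            if p in ("*", program) and h in ("*", host)]

# Constructed tail of a syslog.conf with program blocks at the end.
TAIL = "!startslip\n*.*\t/var/log/slip.log\n!ppp\n*.*\t/var/log/ppp.log\n"
ROUTER = "+router\n*.*\t/var/log/router.log\n"

APPENDED = TAIL + ROUTER           # router block inherits the '!ppp' scope
RESET = TAIL + "!*\n" + ROUTER     # program scope reset before the host block

if __name__ == "__main__":
    for name, conf in (("appended", APPENDED), ("reset", RESET)):
        print(name, destinations(parse(conf), "dnsmasq", "router"))
```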